Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label hardware vulnerabilities. Show all posts
Malicious Devices
Connected Devices Cyber Security data security Device Security hardware vulnerabilities Laptops Malicious Devices

What Are USB Kill Sticks and How They Can Destroy Your Devices

 

Most people think of USB drives as simple tools for storing and transferring files. But not all USB sticks are as harmless as they appear. Some, known as “USB Kill Sticks” or “USB Killers,” are specifically designed to damage or destroy electronic devices within seconds of being plugged in. These malicious devices work by rapidly charging and discharging internal capacitors, sending high-voltage surges into the host device’s USB ports. 

The result? Severe hardware damage, often irreversible. A notable case in 2019 involved a man who used a USB Killer to destroy 66 computers at a college in New York, causing over $58,000 in damages. USB Killers can affect nearly any device with a USB port—laptops, smartphones, TVs, game consoles, and more. Some systems may suffer total failure, while others, like the MacBook Air M2, may only have their ports rendered inoperative. Originally developed by a security team in Hong Kong for testing device durability, USB Kill Sticks are now sold commercially. 

The most recent version, USB Kill v4, starts at $59. A more advanced “Kit” version includes adapters for compatibility with smartphones, printers, routers, and other electronics. What makes version 4 especially dangerous is its built-in battery. This allows it to deliver a destructive surge even if the target device is turned off, effectively bypassing USB-C and Lightning port security systems. Some models can be triggered remotely or on a timed schedule, making it incredibly difficult to trace the source of an attack. 

Though these tools were initially intended for testing and security purposes by manufacturers and law enforcement, their public availability raises serious concerns. In the wrong hands, they become tools of sabotage and theft. Defending against USB Killers isn’t easy. Even disabling USB ports in software won’t prevent voltage surges. The best strategy is to avoid plugging in unknown USB devices entirely. 

For added protection, you can physically block USB ports or invest in a USB Kill Shield, which costs around $25. This shield allows normal data flow while detecting and preventing surge attacks. Always be cautious with unfamiliar USB devices—what looks like a regular flash drive might be a silent destroyer in disguise.
Read more »
Password Hacking
Authentication Cyber Security Google security hardware vulnerabilities Passkey Security Passkeys Password Hacking

Why Passkeys Are the Future of Digital Authentication

 

Passwords have been a fundamental aspect of digital security for years, but they come with significant drawbacks. They are not only a hassle to remember but also vulnerable to various hacking techniques. Passkeys have emerged as a robust alternative, offering a more secure and user-friendly approach to account authentication. This new method utilizes your device, such as a smartphone or laptop, as an authenticator, employing either a PIN or biometric verification like fingerprint or facial recognition. 

The primary advantage of passkeys is that they eliminate the need for passwords entirely. This reduces the risk of phishing attacks, as there is no password for hackers to steal or guess. Additionally, passkeys are tied to the user’s device, making unauthorized access much more difficult. Without passwords to remember, users can enjoy a more streamlined and secure login experience. Major tech companies are already supporting the adoption of passkeys. For instance, setting up passkeys on a Google account involves visiting the Google Passkeys page and configuring the passkey with your device. Microsoft accounts can similarly be secured with Windows Hello or a PIN. Apple integrates passkeys with iCloud Keychain, making it easy for users to transition. These companies are not alone. Other platforms like Amazon, Adobe, Discord, eBay, GitHub, LinkedIn, Shopify, and WhatsApp have also embraced passkeys. 

This widespread support highlights the growing recognition of passkeys as the future of digital security. One concern with passkeys is the potential for losing access if the device is lost. Fortunately, most major tech companies allow passkeys to be synced across devices or securely stored in the cloud with end-to-end encryption. This means that users can restore their passkeys on a new device if their original one is lost. 

However, if a hardware security key is lost and not backed up, access to accounts could be permanently lost. Despite these concerns, device-based authentication is inherently secure. Modern devices are equipped with advanced security measures that make unauthorized access extremely difficult. Even if a device is stolen, the thief would need to bypass biometric or PIN verification to access sensitive information. Passkeys are stored in a Trusted Platform Module (TPM), ensuring that they are securely protected. In summary, passkeys represent a significant advancement in digital security. 

They offer a more secure, user-friendly alternative to traditional passwords, addressing many of the vulnerabilities associated with password-based authentication. As more services and devices adopt this technology, passkeys are poised to become the standard for secure online access. This shift not only enhances security but also simplifies the user experience, making it easier for individuals to protect their digital identities.
Read more »
SLAM attack
AMD CPUs Cyber Security future Intel processors hardware vulnerabilities sensitive data theft SLAM attack

Fresh SLAM Attack Extracts Sensitive Data from AMD CPUs and Upcoming Intel Processors

 

Academic researchers have unveiled a novel side-channel attack named SLAM, designed to exploit hardware enhancements meant to bolster security in forthcoming CPUs from major manufacturers like Intel, AMD, and Arm. The attack aims to retrieve the root password hash from the kernel memory through a transient execution technique.

SLAM takes advantage of a memory feature allowing software to utilize untranslated address bits in 64-bit linear addresses for metadata storage. Diverse CPU vendors implement this feature differently, with Intel calling it Linear Address Masking (LAM), AMD labeling it Upper Address Ignore (UAI), and Arm referring to it as Top Byte Ignore (TBI). 

The SLAM attack, an abbreviation for Spectre based on LAM, was identified by researchers at Vrije Universiteit Amsterdam's Systems and Network Security Group (VUSec Group). They demonstrated the attack's viability by emulating the upcoming LAM feature from Intel on a previous-generation Ubuntu system.

According to VUSec, SLAM primarily affects future chips meeting specific criteria due to a lack of robust canonicality checks in their designs. Despite advanced hardware features like LAM, UAI, and TBI improving memory security, they introduce exploitable micro-architectural race conditions.

The attack hinges on a new transient execution technique focusing on exploiting a previously unexplored class of Spectre disclosure gadgets, particularly those involving pointer chasing. Gadgets are manipulable instructions in software code that, when exploited, trigger speculative execution, revealing sensitive information. The SLAM attack specifically targets "unmasked" gadgets using secret data as a pointer, commonly found in software, allowing attackers to leak arbitrary ASCII kernel data.

To demonstrate the attack, researchers developed a scanner identifying hundreds of exploitable gadgets on the Linux kernel. While executing the attack, an attacker must run code on the target system that interacts with unmasked gadgets, measuring side effects with sophisticated algorithms to extract sensitive information like passwords or encryption keys from the kernel memory.

The SLAM attack impacts various processors, including existing vulnerable AMD CPUs, future Intel CPUs supporting LAM, future AMD CPUs supporting UAI and 5-level paging, and future Arm CPUs supporting TBI and 5-level paging. 

In response to SLAM, Arm asserted its systems already mitigate against Spectre v2 and Spectre-BHB, with no further action planned. AMD referenced existing Spectre v2 mitigations, while Intel announced plans for software guidance and the deployment of security extensions before releasing future processors supporting LAM. Meanwhile, Linux engineers have devised patches to disable LAM until further guidance becomes available.
Read more »
Subscribe to: Posts (Atom)